sschange
asked on
VPN Connection
Hi,
I guess this is a very wired question, but here it is:
I am trying to set up an VPN server. I do not want the clients to connect to the internal network (because I do not have one). I just want them to be able to browse the Internet through a VPN connection that they make to my server. I have set up a computer with Windows 2003 server on it. I have did set the server once but the clients could only connect to me and would not be able to browse the net. Please tell me step-by-step how to set up my server so it can accept clients and let them browse the internet through my internet connection.
Thanks,
I guess this is a very wired question, but here it is:
I am trying to set up an VPN server. I do not want the clients to connect to the internal network (because I do not have one). I just want them to be able to browse the Internet through a VPN connection that they make to my server. I have set up a computer with Windows 2003 server on it. I have did set the server once but the clients could only connect to me and would not be able to browse the net. Please tell me step-by-step how to set up my server so it can accept clients and let them browse the internet through my internet connection.
Thanks,
Do you hat Routing and remote acces installes on it ?
Run a proxy server on the VPN server, I have found Analogx "Proxy" to work well and it is free and simple to setup.
http://www.analogx.com/contents/download/network.htm
http://www.analogx.com/contents/download/network.htm
ASKER
yes, i do have the routing and remote access installed. The clients can make a connection to me, and i can see them when they are connected but they can not browse the internet. When i look at their status, i can see that I they are sending me packets, but their are not reciving any packets back from me.
I am going to try the analogx Proxy to see if it works.
I am going to try the analogx Proxy to see if it works.
Just out of curiousity why are you having computers connect to your server through VPN just to browse the internet? If they are vpning into your server don't they already have to have some kind of internet access?
Surely you want the clients to use their own internet connection for general browsing? Unless you are trying to setup some kind of anonymous proxy for them.
If you would like them to use their own connection, they need to untick the box "use default gateway on remote network" which is located under:
vpn connection --> properties --> networking
tcp/ip --> properties --> advanced
If you would like them to use their own connection, they need to untick the box "use default gateway on remote network" which is located under:
vpn connection --> properties --> networking
tcp/ip --> properties --> advanced
ASKER
yes, i am doing this so the clients(mostly my friends) can browse the net anonymously and also it would help them get past a few web sites blocks.
ccceqo2,
I have done what you have suggested, but still for some reason they can not browse the internet. As i said before, they can connect to me, and I can see them connected to me, but they can not send or receive packets. May be i have not set the server right. OR i have not done the ip addressing in the right way. If some one could tell me step-by-step how to set up the
Routing and remote acces in windows 2003 server, that would help alot. Also, how would you know if your isp alows VPN connection.
ccceqo2,
I have done what you have suggested, but still for some reason they can not browse the internet. As i said before, they can connect to me, and I can see them connected to me, but they can not send or receive packets. May be i have not set the server right. OR i have not done the ip addressing in the right way. If some one could tell me step-by-step how to set up the
Routing and remote acces in windows 2003 server, that would help alot. Also, how would you know if your isp alows VPN connection.
In my own experiments I can connect using RAS and browse the Internet through the VPN tunnel, but as soon as I use the same PC to connect by VPN through the Internet browsing the Internet stops working. I tried many fixes and did loads of packet monitoring trying to find the problem, in the end I found the requests seemed to be being routed correctly, both the VPN server and the router showed that a connection had been made to the relivent site, but data never got back to the client. In the end I set up a web proxy server and have never looked back since (it also speeds up browsing for clients using RAS).
Analogx is very quick and easy to setup, I will make some notes how to do it, give me a few minutes.
Analogx is very quick and easy to setup, I will make some notes how to do it, give me a few minutes.
"Also, how would you know if your isp alows VPN connection."
Well, you could actually try the connection. That's about all that is guaranteed to work. Since VPN is pretty important for business, I doubt any but the most regimented governments block access from an ISP level. If your friends are in a corporation trying to browse while working, it'll be hit and miss, since Admins generally don't want employees fcking with the security integrity of their networks.
I'm basing my assumptions on Win2k since that's what I use, but the theory if nothing else should carry over. I'm sure little has changed between releases.
I asssum you have one LAN entry, and potentially several VPN connections.
I recommend setting up a DNS & DHCP server on your PC to facilitate their VPN. Otherwise, they can forward data to your PC, but they won't know a DNS server to use. If not otherwise specified, they'll continue to search for their old DNS server which is located wherever they came from. If you don't have physical access to their old DNS servers, then they go nowhere through the LAN interface. If you don't have NAT setup on the windows machine (the horrible built-in 'internet connection scharing' system) that'll need to get done. Since their IP addresses won't be valid from your ISP, you'll need to make sure the Source-NAT'ed from your machine at home. This can be tested with a Packet Sniffer like Ethereal for Windows.
Well, you could actually try the connection. That's about all that is guaranteed to work. Since VPN is pretty important for business, I doubt any but the most regimented governments block access from an ISP level. If your friends are in a corporation trying to browse while working, it'll be hit and miss, since Admins generally don't want employees fcking with the security integrity of their networks.
I'm basing my assumptions on Win2k since that's what I use, but the theory if nothing else should carry over. I'm sure little has changed between releases.
I asssum you have one LAN entry, and potentially several VPN connections.
I recommend setting up a DNS & DHCP server on your PC to facilitate their VPN. Otherwise, they can forward data to your PC, but they won't know a DNS server to use. If not otherwise specified, they'll continue to search for their old DNS server which is located wherever they came from. If you don't have physical access to their old DNS servers, then they go nowhere through the LAN interface. If you don't have NAT setup on the windows machine (the horrible built-in 'internet connection scharing' system) that'll need to get done. Since their IP addresses won't be valid from your ISP, you'll need to make sure the Source-NAT'ed from your machine at home. This can be tested with a Packet Sniffer like Ethereal for Windows.
Install Analogx proxy, then in configuration the IP to enter in the "proxy binding" is the LAN IP address of the PC running Analogx.
On the client PCs open Internet Explorer, Tools, Internet options. Go to the Connections TAB, in the "Dial up and VPN settings" list you should see the VPN connection you setup on the PC, highlight it and click settings
Ensure only "use a proxy server for this connection" is ticked, then enter the IP address used in Analogx and enter the port as 6588
OK your way out and that is it, when the client uses VPN the Internet connection will automatically go through your server, if they aren't connected to VPN then the Internet will work normally.
On the client PCs open Internet Explorer, Tools, Internet options. Go to the Connections TAB, in the "Dial up and VPN settings" list you should see the VPN connection you setup on the PC, highlight it and click settings
Ensure only "use a proxy server for this connection" is ticked, then enter the IP address used in Analogx and enter the port as 6588
OK your way out and that is it, when the client uses VPN the Internet connection will automatically go through your server, if they aren't connected to VPN then the Internet will work normally.
ASKER
snerkel
do in need to have a different computer to set RAS on or can it be on the same computer?
same thing with DNS & DHCP, do I need to have a diferent servers for thoes as well?
do in need to have a different computer to set RAS on or can it be on the same computer?
same thing with DNS & DHCP, do I need to have a diferent servers for thoes as well?
Everything can run on the one PC if required. I assign a fixed IP to my VPN servers LAN card and also assign a fixed IP range in the VPN server for assigning to clients (eg I don't use the DHCP server for the VPN clients).
I can't help much with specifics of Windows 2003 server as I don't use it.
I can't help much with specifics of Windows 2003 server as I don't use it.
ASKER
I have not had time to try what you guys have suggested, let me try it and i will get back to you in a day..
thanks
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
chrispallet,
what exactly do you mean by offering approprite IP? Like i said i am new in the networking area. what would be a good range of IP addresses. Right now I have the Static IP pool set to 192.168.1.100 - 192.168.1.200. Also i do have the 'Router' and 'remote access server' checked. the 'use default gateway on remote network' was also cleared. still they can only connect to and not be able to browse the internet.
anything else you think i need to set?
thanks,
what exactly do you mean by offering approprite IP? Like i said i am new in the networking area. what would be a good range of IP addresses. Right now I have the Static IP pool set to 192.168.1.100 - 192.168.1.200. Also i do have the 'Router' and 'remote access server' checked. the 'use default gateway on remote network' was also cleared. still they can only connect to and not be able to browse the internet.
anything else you think i need to set?
thanks,
ASKER
Also what is the Windows 2003 Terminal Server? can anyone explaine it to me.
sschange,
Do you have DHCP running on your server? If so, you will not need the static IP pool. If you are not using DHCP then please advise what local (Lan) Ip your server has so we can advise on your static pool.
Also - when the client is connected to the VPN can they ping hosts on your network? I.e. your own personal machine, the server etc.
Regarding terminal server, I would suggest starting here: http://www.microsoft.com/windowsserver2003/technologies/terminalservices/default.mspx
Do you have DHCP running on your server? If so, you will not need the static IP pool. If you are not using DHCP then please advise what local (Lan) Ip your server has so we can advise on your static pool.
Also - when the client is connected to the VPN can they ping hosts on your network? I.e. your own personal machine, the server etc.
Regarding terminal server, I would suggest starting here: http://www.microsoft.com/windowsserver2003/technologies/terminalservices/default.mspx
ASKER
for some reason it still does not want to work. I will try to see what else i can come up with. if i have anymore questions i will post it again. thanks for all you guys's help and comments.